Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-2281 | 1 Jenkins | 1 Lockable Resources | 2020-09-28 | 5.8 MEDIUM | 5.4 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. |
CVE-2019-16009 | 1 Cisco | 2 Ios, Ios Xe | 2020-09-28 | 7.6 HIGH | 8.8 HIGH | A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device. |
CVE-2020-12840 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2020-09-27 | 4.3 MEDIUM | 6.5 MEDIUM | ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php. |
CVE-2020-12841 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2020-09-27 | 4.3 MEDIUM | 6.5 MEDIUM | ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload image files via /index.php. |
CVE-2020-12282 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2020-09-27 | 6.8 MEDIUM | 8.8 HIGH | iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.) |
CVE-2020-12281 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2020-09-27 | 4.3 MEDIUM | 6.5 MEDIUM | iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php. |
CVE-2020-12280 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2020-09-27 | 4.3 MEDIUM | 6.5 MEDIUM | iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php. |
CVE-2020-14025 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-25 | 6.8 MEDIUM | 8.8 HIGH | Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password. |
CVE-2020-14506 | 1 Philips | 1 Clinical Collaboration Platform | 2020-09-25 | 4.3 MEDIUM | 4.3 MEDIUM | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. |
CVE-2020-15182 | 2 Soy Cms Project, Soy Inquiry Project | 2 Soy Cms, Soy Inquiry | 2020-09-23 | 6.8 MEDIUM | 9.6 CRITICAL | The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328. |
CVE-2020-13259 | 1 Rad | 2 Secflow-1v, Secflow-1v Firmware | 2020-09-22 | 9.3 HIGH | 8.8 HIGH | A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260. |
CVE-2020-4617 | 1 Ibm | 1 Data Risk Manager | 2020-09-22 | 5.8 MEDIUM | 8.1 HIGH | IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 184930. |
CVE-2020-2268 | 1 Jenkins | 1 Mongodb | 2020-09-21 | 6.8 MEDIUM | 8.8 HIGH | A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. |
CVE-2020-23451 | 1 Spiceworks | 1 Spiceworks | 2020-09-18 | 6.8 MEDIUM | 8.8 HIGH | Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via the "/settings/v1/users" function. |
CVE-2020-23824 | 1 Argosoft | 1 Mail Server | 2020-09-18 | 6.8 MEDIUM | 8.8 HIGH | ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) that allows remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user opens a website with the malicious page, that page will run the CSRF. |
CVE-2020-10229 | 1 Vtenext | 1 Vtenext | 2020-09-18 | 6.8 MEDIUM | 8.8 HIGH | A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts. |
CVE-2020-2273 | 1 Jenkins | 1 Elastest | 2020-09-18 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. |
CVE-2018-19948 | 1 Qnap | 1 Helpdesk | 2020-09-16 | 4.3 MEDIUM | 6.5 MEDIUM | The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. |
CVE-2020-24739 | 1 Idreamsoft | 1 Icms | 2020-09-16 | 4.3 MEDIUM | 6.5 MEDIUM | A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion of administrator accounts. When the CSRF_TOKEN is missing, the request is still processed normally, and all administrators except the initial administrator will be deleted. |
CVE-2020-4526 | 1 Ibm | 1 Maximo Asset Management | 2020-09-15 | 4.3 MEDIUM | 4.3 MEDIUM | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436. |